ANY.RUN reports security incident caused by employee email compromise and phishing

ANY.RUN, a malware analysis service, is reporting a security breach that finally compromised one of its customer accounts.

The breach occurred due to unauthorized access to an email account of an employee, which subsequently led to a secondary phishing campaign targeting contacts within the compromised employee's network. ANY.RUN has swiftly informed all potentially affected parties and is collaborating with relevant data controllers to manage the aftermath.

The compromised account did not have access to sensitive production environments or code repositories, significantly reducing the potential risk to ANY.RUN’s services and customer data.

No other details are disclosed at this time.

ANY.RUN has committed to providing continuous updates on their investigation and any corrective measures as more information becomes available.